c# - SQLite INSERT Statement -
I have created the following insert method that works very well but I know that it can be more efficient Can anyone show me how to use this method to use the parameter and / or increase its capability?
Public static void SQLiteTableINSERT (string filename) {int colCount = 0; (Using SQLiteConnection Conn = New SQLiteConnection (SQLiteConn.Conn)) (SQLiteTransaction using sqliteTrans = Conn.BeginTransaction ()) (SQLiteCommand CMD = Conn.CreateCommand ()) {DataTableColumnNames (); String query = "INSERT" + tableName + "(foreach (string name in DtColumns) {query + =" ["+ name +"] "; ++ colCount; if (call count
It should use the prepared statement in the Stave, then binding in that prepared statement, the data basics for the parameters are explained here for C / C ++:
I doubt That you are using dotConnect so that you want to mention it for your specific example:
Applies to the same principle. You write SQL as a string string that is easy to read, review and modify your source code. You then send the SQL command to the SQLite with the data elements to replace each parameter of the data parameter, this technique clears your code and helps to avoid attacks of SQL injection or mixup.
Comments
Post a Comment